﻿<%@ Page Language="C#" %>
<%@ Import Namespace="System.Data.SqlClient" %>
<%@ Import Namespace="System.Timers" %>

<%
    if (Request.Cookies["userID"] == null)
    {
        Response.Redirect("login.aspx", true);
    }
    else if (Request.QueryString["userID"] == null || Request.QueryString["groupID"] == null || Request.QueryString["accepted"] == null)
    {
        Response.Write("非法调用本页面！");
    }
    else
    {
        string localUser = Request.Cookies["userID"].Value;

        string userID = Request.QueryString["userID"];
        string groupID = Request.QueryString["groupID"];
        bool accepted = Convert.ToBoolean(Convert.ToInt32(Request.QueryString["accepted"]));
        
        //检查登录者是不是管理员
        ConnectionStringSettings settings = ConfigurationManager.ConnectionStrings["connectionString"];
        using (SqlConnection dataBaseConnection = new SqlConnection(settings.ConnectionString))
        {
            dataBaseConnection.Open();

            string queryString = "SELECT GroupID " +
                                 "FROM GroupInfo " +
                                 "WHERE CreatedBy = @CreatedBy";
            SqlCommand command = new SqlCommand(queryString, dataBaseConnection);
            SqlParameter CreatedByParameter = new SqlParameter("@CreatedBy", localUser);
            command.Parameters.Add(CreatedByParameter);
            SqlDataReader reader;
            try
            {
                reader = command.ExecuteReader();
            }
            catch (Exception exception)
            {
                Response.Write("数据库方面发生了错误，请联系我们以解决 AFTER MANAGER CHECK " + exception.Message);
                return;
            }

            reader.Read();
            if (groupID != reader["GroupID"].ToString())
            {
                Response.Write("您不是该小组的管理员，只有管理员才可以处理申请");
                reader.Close();
                return;
            }
            else
            {
                reader.Close();

                SqlParameter GroupIDParameter = new SqlParameter("@GroupID", groupID);
                SqlParameter userIDParameter = new SqlParameter("@userID", userID);
                
                //确认管理员身份，执行操作
                if (accepted)
                {
                    //向MembersOfGroups表添加归属信息
                    queryString = "INSERT INTO MembersOfGroups(GroupID, MemberID) " +
                                  "VALUES(@GroupID, @userID)";
                    command.CommandText = queryString;
                    command.Parameters.Clear();
                    
                    command.Parameters.AddRange(new SqlParameter[]{GroupIDParameter, userIDParameter});
                    try
                    {
                        command.ExecuteNonQuery();
                    }
                    catch (Exception exception)
                    {
                        Response.Write("数据库方面发生了错误，请联系我们以解决 AFTER INSERT INTO MembersOfGroups " + exception.Message);
                        return;
                    }
                    
                    //将小组ID添加到申请人个人信息中
                    //获取原来小组字符串
                    queryString = "SELECT GroupIDs " +
                                  "FROM users " +
                                  "WHERE userID = @userID";
                    command.CommandText = queryString;
                    command.Parameters.Clear();
                    command.Parameters.Add(userIDParameter);
                    try
                    {
                        reader = command.ExecuteReader();
                    }
                    catch (Exception exception)
                    {
                        Response.Write("数据库方面发生了错误，请联系我们以解决 AFTER GET GroupIDs " + exception.Message);
                        return;
                    }

                    reader.Read();
                    string groupIDs = reader["GroupIDs"].ToString();
                    reader.Close();

                    //将本小组加入已加入小组字符串
                    groupIDs = groupIDs + "&" + groupID;

                    //更新groupIDs至数据库
                    queryString = "UPDATE users " +
                                  "SET GroupIDs = @GroupIDs " +
                                  "WHERE userID = @userID";
                    command.CommandText = queryString;
                    command.Parameters.Clear();
                    SqlParameter GroupIDsParameter = new SqlParameter("@GroupIDs", groupIDs);
                    command.Parameters.AddRange(new SqlParameter[]{GroupIDsParameter, userIDParameter});
                    try
                    {
                        command.ExecuteNonQuery();
                    }
                    catch (Exception exception)
                    {
                        Response.Write("数据库方面出现了错误，请联系我们以解决 AFTER UPDATE FOR GroupIDs " + exception.Message);
                        return;
                    }

                    //更新groupinfo的membercount列
                    queryString = "UPDATE GroupInfo " +
                                  "SET MemberCount = MemberCount + 1 " +
                                  "WHERE GroupID = @GroupID";
                    command.CommandText = queryString;
                    command.Parameters.Clear();
                    command.Parameters.Add(GroupIDParameter);
                    try
                    {
                        command.ExecuteNonQuery();
                    }
                    catch (Exception exception)
                    {
                        Response.Write("数据库方面出现了错误，请联系我们以解决 AFTER UPDATE GroupInfo " + exception.Message);
                        return;
                    }
                    //至此同意请求的操作执行完毕
                }
                
                //请求执行完毕或者拒绝请求，删除请求
                queryString = "DELETE FROM RequestList " +
                              "WHERE GroupID = @GroupID AND userID = @userID";
                command.CommandText = queryString;
                command.Parameters.Clear();
                command.Parameters.AddRange(new SqlParameter[]{GroupIDParameter, userIDParameter});
                try
                {
                    command.ExecuteNonQuery();
                }
                catch (Exception exception)
                {
                    Response.Write("数据库方面发生了错误，请联系我们以解决 AFTER DELETE REQUSET " + exception.Message);
                    return;
                }
                
                dataBaseConnection.Close();
                Response.Redirect("welcome.aspx", true);
            }
        }
    }
    
%>